commit bef270a9cfa9c3e6d3c1abea859c9cc42925df0f
author David Benjamin <davidben@chromium.org> Sat Aug 02 04:22:02 2014 -0400
committer Adam Langley <agl@google.com> Mon Aug 04 20:10:43 2014 +0000
tree b08e93d7411867c5a18590d81006d9ae6333c16c
parent d86c7671a84269e63bf653237d3459d8157b4446

Add server-side FallbackSCSV tests.

Assert that inappropriate fallbacks are detected, but if the client_version
matches the server's highest version, do not abort the handshake.

Change-Id: I9d72570bce45e1eb23fc2b74a3c5fca10562e573
Reviewed-on: https://boringssl-review.googlesource.com/1373
Reviewed-by: Adam Langley <agl@google.com>

ssl/test/runner/runner.go

diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index bec89b1..07b1a12 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -380,6 +380,27 @@
 			},
 		},
 	},
+	{
+		testType: serverTest,
+		name:     "FallbackSCSV",
+		config: Config{
+			MaxVersion: VersionTLS11,
+			Bugs: ProtocolBugs{
+				SendFallbackSCSV: true,
+			},
+		},
+		shouldFail:    true,
+		expectedError: ":INAPPROPRIATE_FALLBACK:",
+	},
+	{
+		testType: serverTest,
+		name:     "FallbackSCSV-VersionMatch",
+		config: Config{
+			Bugs: ProtocolBugs{
+				SendFallbackSCSV: true,
+			},
+		},
+	},
 }
 
 func doExchange(testType testType, config *Config, conn net.Conn, messageLen int) error {